SSTI - 1

18 May 2025 • 1 min read

I made a cool website where you can announce whatever you want! Try it out! Additional details will be available after launching your challenge instance.

We notice an input field that takes our input and redirects us to another page with our input printed.

I tried an XSS script and it worked, but that is irrelevant here. Let's look further: Wappalyzer shows the site is running on Python, so we should focus on SSTI for Python.

I searched until I found this repo, Payload for SSTI python, and scrolled until I found an interesting one:

```python
{{ self.__init__.__globals__.__builtins__.__import__('os').popen('id').read() }}
```

This should execute the command id, and it worked.
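The {{ ... }} payload above is Jinja2 template syntax, and it only works because the application builds its template source out of the user's text. As an added example (not the challenge's code or the author's), here is that mistake next to the fix, plus a small detection check a defender could log on: the function names, the "Announcement" page layout and the use of the jinja2 package directly (rather than Flask's render_template_string, which behaves the same way) are assumptions.

```python
# Added example: how a Python/Jinja2 "announce" page becomes injectable, and how to fix it.
# announce_unsafe / announce_safe / looks_like_template_injection are hypothetical names;
# the challenge's real code is not known. Requires the jinja2 package.
import re

from jinja2 import Environment

env = Environment(autoescape=True)


def announce_unsafe(user_input: str) -> str:
    # BUG: the user's text is spliced into the template SOURCE, so any
    # {{ ... }} or {% ... %} they submit is compiled and evaluated by Jinja2.
    template = env.from_string("<h1>Announcement: " + user_input + "</h1>")
    return template.render()


def announce_safe(user_input: str) -> str:
    # Fix: the template source is a constant written by the developer; the user's
    # text is passed in as a variable, so it is only ever data, and autoescape
    # HTML-escapes it on output (which also covers the XSS the post mentions).
    template = env.from_string("<h1>Announcement: {{ msg }}</h1>")
    return template.render(msg=user_input)


# Jinja2 delimiters: expression, statement and comment blocks.
TEMPLATE_SYNTAX = re.compile(r"\{\{|\{%|\{#")


def looks_like_template_injection(user_input: str) -> bool:
    # Detection hook, not a fix: a legitimate announcement almost never contains
    # template delimiters, so their presence is worth alerting on even after the
    # rendering bug is fixed.
    return bool(TEMPLATE_SYNTAX.search(user_input))


if __name__ == "__main__":
    probe = "{{ 7*7 }}"  # constructed input: harmless arithmetic, enough to show evaluation
    print("unsafe :", announce_unsafe(probe))   # the expression is evaluated
    print("safe   :", announce_safe(probe))     # the text is echoed literally
    print("alert  :", looks_like_template_injection(probe))
```

The safe version does not need a sandbox or a denylist of dangerous words: once user input is never part of the template source, there is nothing for the template engine to evaluate.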

Now that we can execute commands, it is time to find the flag.

Let's run ls -a, and we get this:

So our final step is to read the flag with cat flag.
